Weaknesses of type CWE-284
4,445 resultsCVE-2026-41166HIGHOpenRemote has Improper Access Control via updateUserRealmRoles functionEPSS 0.3%CVE-2025-62159HIGHExternal Secrets Operator's BeyondTrust Provider has Insecure Secret RetrievalEPSS 0.3%CVE-2026-54533MEDIUMvantage6 node has an Improper Access Control issueEPSS 0.3%CVE-2025-9800MEDIUMSimStudioAI sim HTML File route.ts import unrestricted uploadEPSS 0.3%CVE-2020-3524MEDIUMCisco IOS XE ROM Monitor Software VulnerabilityEPSS 0.3%CVE-2026-7711MEDIUMMindsDB Engine proc_wrapper.py exec unrestricted uploadEPSS 0.3%CVE-2022-42814MEDIUMA logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data.EPSS 0.3%CVE-2023-47294HIGHAn issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete userEPSS 0.3%CVE-2025-15109MEDIUMjackq XCMS upload.php unrestricted uploadEPSS 0.3%CVE-2026-12529MEDIUMSourceCodester CET Automated Grading System with AI Predictive Analytics Student Self-Registration Endpoint index.php access controlEPSS 0.3%CVE-2026-6596MEDIUMlangflow-ai langflow API Endpoint endpoints.py create_upload_file unrestricted uploadEPSS 0.3%CVE-2024-44913MEDIUMAn issue in the component EXR!ReadEXR+0x40ef1 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. TEPSS 0.3%CVE-2026-32768HIGHChall-Manager's invalid NetworkPolicy enables a malicious actor to pivot into another namespaceEPSS 0.3%CVE-2026-4536MEDIUMAcrel Environmental Monitoring Cloud Platform unrestricted uploadEPSS 0.3%CVE-2025-43862HIGHDify Allows Unauthorized Access and Modification of APP OrchestrationEPSS 0.3%CVE-2025-29705MEDIUMcode-gen <=2.0.6 is vulnerable to Incorrect Access Control. The project does not have permission control allowing anyone to access such projEPSS 0.3%CVE-2025-12884MEDIUMAdvanced Ads – Ad Manager & AdSense <= 2.0.14 - Missing Authorization to Authenticated (Subscriber+) Ad Placements UpdateEPSS 0.3%CVE-2026-28965HIGHA privacy issue was addressed with improved checks. This issue is fixed in iOS 26.5 and iPadOS 26.5. A user may be able to view restricted cEPSS 0.3%CVE-2026-4221MEDIUMTiandy Easy7 Integrated Management Platform Endpoint uploadLedImage unrestricted uploadEPSS 0.3%CVE-2024-39837LOWMalicious remote can create arbitrary channelsEPSS 0.3%